How to disable directory listing in Apache
If mod_autoindex is installed and enabled, files and directories will be listed whenever you're browsing a directory and no DirectoryIndex files (normally configured as index.html, index.htm, index.php, welcome.html) are present in that directory.
It's a very useful feature but for security reasons you might disable directory browsing.
Disable directory listing in Apache:
Disable Apache directory listing by disabling mod_autoindex
The easiest way is probably to disable the autoindex module entirely. This would affect all the sites hosted on the server, which could be both good and bad.
The module is called autoindex, and can be disabled by the a2dismod command, as in the following example.
$ sudo a2dismod autoindex
Disable Apache directory listing by Directory's Options directive
The option could be applied per-directory, via the Directory's Option directive as the following.
<Directory /var/www/mysite> Options -Indexes </Directory>
Notice that it's -Indexes and not +Indexes
This could be set in your Apache's configuration file.
Disable Apache directory listing via .htaccess
The above method would also work by adding a .htaccess file with the following content that you want directory listing to be disabled.
Options -Indexes
Restart Apache for the changes to take effect
Guide compatibility:
| Operating System |
|---|
| Ubuntu 16.04 LTS (Xenial Xerus) |
| Ubuntu 16.10 (Yakkety Yak) |
| Ubuntu 17.04 (Zesty Zapus) |
| Ubuntu 17.10 (Artful Aardvark) |
| Ubuntu 18.04 LTS (Bionic Beaver) |
| Ubuntu 18.10 (Cosmic Cuttlefish) |
| Ubuntu 19.04 (Disco Dingo) |